Data-provenance Verification for Secure Hosts

Network or host-based signature scanning approaches alone were proven inadequate against new and emerging malware. We view malicious bots or malware in general as entities stealthily residing on a human user’s computer and interacting with the user’s computing resources. In this existing work we need to improve the trustworthiness of a host and its system data. Specifically, we provide a new mechanism that ensures the correct origin or provenance of critical system information and prevents adversaries from utilizing host resources. We define data-provenance integrity as the security property stating that the source where a piece of data is generated cannot be spoofed or tampered with. We describe a cryptographic provenance verification approach for ensuring system properties and system-data integrity at kernel-level. Its two concrete applications are demonstrated in the keystroke integrity verification and malicious traffic detection. Specifically, we first design and implement an efficient cryptographic protocol. The protocol prevents the forgery of fake key events by malware under reasonable assumptions. Then, we demonstrate our provenance verification approach by realizing a lightweight framework for restricting outbound malware traffic. We propose a malware detection approach based on the characteristic behaviors of human users. We explore the human-malware differences and classifies them to aid the detection of infected hosts by using support vector Machine (SVM) models. The server can collects the keystroke of particular client and classifies using SVM then verifies the data provenance for secure host. The existing Cryptographic provenance verification fails to detect the malware or trustworthiness of client in their own machine means it can be easily finds the trustworthy by the server using the classification models. There are two main challenges in this proposed work: one is how to select characteristic behavior features for classification, and the other is how to prevent malware forgeries.